CVE List - 2024 / March
Showing 3001 - 3100 of 3299 CVEs for March 2024 (Page 31 of 33)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-30421 | 2024-03-28 | WordPress Events Manager plugin <= 6.4.7.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-30422 | 2024-03-28 | WordPress Elementor Addon Elements plugin <= 1.13.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-27775 | 2024-03-28 | SysAid - CWE-918: Server-Side Request Forgery (SSRF) |
| CVE-2024-29896 | 2024-03-28 | Astro-Shield's Content-Security-Policy header generation in middleware could be compromised by malicious injections |
| CVE-2023-6437 | 2024-03-28 | Authenticated RCE |
| CVE-2024-28109 | 2024-03-28 | Potential XSLT injection vulnerability when using policy files |
| CVE-2024-29200 | 2024-03-28 | API returns timesheet entries a user should not be authorized to view |
| CVE-2024-29882 | 2024-03-28 | SRS DOM - XSS on JSONP callback |
| CVE-2024-29897 | 2024-03-28 | CreateWiki Leak of suppressed wiki requests outside of `CreateWikiGlobalWiki` |
| CVE-2024-29898 | 2024-03-28 | Oversight in fix for GHSA-4rcf-3cj2-46mq may have exposed suppressed wiki requests on private wikis |
| CVE-2023-45705 | 2024-03-28 | HCL BigFix Platform is susceptible to Server Side Request Forgery (SSRF) |
| CVE-2023-45706 | 2024-03-28 | HCL BigFix Platform is susceptible to Cross Site Scripting (XSS) and/or Man in the Middle (MITM) attack |
| CVE-2023-45715 | 2024-03-28 | HCL BigFix Platform is susceptible to a Denial of Service attack |
| CVE-2024-3039 | 2024-03-28 | Shanghai Brad Technology BladeX API export-user sql injection |
| CVE-2024-3040 | 2024-03-28 | Netentsec NS-ASG Application Security Gateway list_crl_conf sql injection |
| CVE-2024-0259 | 2024-03-28 | Privilege Escalation in Robot Schedule Enterprise Agent for Windows prior to version 3.04 |
| CVE-2024-3041 | 2024-03-28 | Netentsec NS-ASG Application Security Gateway listloginfo.php sql injection |
| CVE-2024-3042 | 2024-03-28 | SourceCodester Simple Subscription Website manage_user.php sql injection |
| CVE-2024-31134 | 2024-03-28 | In JetBrains TeamCity before 2024.03 authenticated users without administrative permissions could register other users when self-registration was disabled |
| CVE-2024-31135 | 2024-03-28 | In JetBrains TeamCity before 2024.03 open redirect was possible on the login page |
| CVE-2024-31136 | 2024-03-28 | In JetBrains TeamCity before 2024.03 2FA could be bypassed by providing a special URL parameter |
| CVE-2024-31137 | 2024-03-28 | In JetBrains TeamCity before 2024.03 reflected XSS was possible via Space connection configuration |
| CVE-2024-31138 | 2024-03-28 | In JetBrains TeamCity before 2024.03 XSS was possible via Agent Distribution settings |
| CVE-2024-31139 | 2024-03-28 | In JetBrains TeamCity before 2024.03 XXE was possible in the Maven build steps detector |
| CVE-2024-31140 | 2024-03-28 | In JetBrains TeamCity before 2024.03 server administrators could remove arbitrary files from the server by installing tools |
| CVE-2023-42892 | 2024-03-28 | A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.6.3, macOS Sonoma 14.2, macOS Monterey 12.7.2. A local attacker may be able to... |
| CVE-2023-42962 | 2024-03-28 | This issue was addressed with improved checks This issue is fixed in iOS 17.2 and iPadOS 17.2, iOS 16.7.3 and iPadOS 16.7.3. A remote attacker may be able to cause... |
| CVE-2023-42974 | 2024-03-28 | A race condition was addressed with improved state handling. This issue is fixed in macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2 and iPadOS 17.2, iOS 16.7.3 and iPadOS 16.7.3,... |
| CVE-2023-42893 | 2024-03-28 | A permissions issue was addressed by removing vulnerable code and adding additional checks. This issue is fixed in macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2 and iPadOS 17.2, iOS... |
| CVE-2023-40390 | 2024-03-28 | A privacy issue was addressed by moving sensitive data to a protected location. This issue is fixed in macOS Sonoma 14.2. An app may be able to access user-sensitive data. |
| CVE-2023-42913 | 2024-03-28 | This issue was addressed through improved state management. This issue is fixed in macOS Sonoma 14.2. Remote Login sessions may be able to obtain full disk access permissions. |
| CVE-2023-42930 | 2024-03-28 | This issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6.3, macOS Sonoma 14.2, macOS Monterey 12.7.2. An app may be able to modify protected parts... |
| CVE-2023-42896 | 2024-03-28 | An issue was addressed with improved handling of temporary files. This issue is fixed in macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2 and iPadOS 17.2, iOS 16.7.3 and iPadOS... |
| CVE-2023-42947 | 2024-03-28 | A path handling issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS... |
| CVE-2023-42950 | 2024-03-28 | A use after free issue was addressed with improved memory management. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2.... |
| CVE-2023-42931 | 2024-03-28 | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6.3, macOS Sonoma 14.2, macOS Monterey 12.7.2. A process may gain admin privileges without proper authentication. |
| CVE-2023-42936 | 2024-03-28 | This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2,... |
| CVE-2023-42956 | 2024-03-28 | The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, macOS Sonoma 14.2. Processing web content may lead to a... |
| CVE-2024-25959 | 2024-03-28 | Dell PowerScale OneFS versions 9.4.0.x through 9.7.0.x contain an insertion of sensitive information into log file vulnerability. A low privileged local attacker could potentially exploit this vulnerability, leading to sensitive... |
| CVE-2024-25961 | 2024-03-28 | Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.x contain an improper privilege management vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to escalation of privileges. |
| CVE-2024-25960 | 2024-03-28 | Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.x contain a cleartext transmission of sensitive information vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to escalation of privileges. |
| CVE-2024-25952 | 2024-03-28 | Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.x contain a UNIX symbolic link (symlink) following vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to denial of service,... |
| CVE-2024-25953 | 2024-03-28 | Dell PowerScale OneFS versions 9.4.0.x through 9.7.0.x contain a UNIX symbolic link (symlink) following vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to denial of service,... |
| CVE-2024-2947 | 2024-03-28 | Cockpit: command injection when deleting a sosreport with a crafted name |
| CVE-2024-3019 | 2024-03-28 | Pcp: exposure of the redis server backend allows remote command execution via pmproxy |
| CVE-2024-25963 | 2024-03-28 | Dell PowerScale OneFS, versions 8.2.2.x through 9.5.0.x, contain a use of a broken cryptographic algorithm vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure. |
| CVE-2024-25954 | 2024-03-28 | Dell PowerScale OneFS, versions 9.5.0.x through 9.7.0.x, contain an insufficient session expiration vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service. |
| CVE-2024-25971 | 2024-03-28 | Dell PowerProtect Data Manager, version 19.15, contains an XML External Entity Injection vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to information disclosure, denial-of-service. |
| CVE-2024-25946 | 2024-03-28 | Dell vApp Manager, versions prior to 9.2.4.9 contain a Command Injection Vulnerability. An authorized attacker could potentially exploit this vulnerability leading to an execution of an inserted command. Dell recommends... |
| CVE-2024-25955 | 2024-03-28 | Dell vApp Manager, versions prior to 9.2.4.9 contain a Command Injection Vulnerability. An authorized attacker could potentially exploit this vulnerability leading to an execution of an inserted command. Dell recommends... |
| CVE-2023-49231 | 2024-03-29 | An authentication bypass vulnerability was found in Stilog Visual Planning 8. It allows an unauthenticated attacker to receive an administrative API token. |
| CVE-2024-27619 | 2024-03-29 | Dlink Dir-3040us A1 1.20b03a hotfix is vulnerable to Buffer Overflow. Any user having read/write access to the FTP server can write directly to RAM, causing a buffer overflow if file or files... |
| CVE-2024-28405 | 2024-03-29 | SEMCMS 4.8 is vulnerable to Incorrect Access Control. The code installs SEMCMS_Funtion.php before checking if the admin is a valid user in the admin page because the authentication function is called... |
| CVE-2024-29640 | 2024-03-29 | An issue in aliyundrive-webdav v.2.3.3 and before allows a remote attacker to execute arbitrary code via a crafted payload to the sid parameter in the action_query_qrcode component. |
| CVE-2024-29686 | 2024-03-29 | Server-side Template Injection (SSTI) vulnerability in Winter CMS v.1.2.3 allows a remote attacker to execute arbitrary code via a crafted payload to the CMS Pages field and Plugin components. NOTE:... |
| CVE-2024-30613 | 2024-03-29 | Tenda AC15 v15.03.05.18 has a stack overflow vulnerability in the time parameter from the setSmartPowerManagement function. |
| CVE-2024-30622 | 2024-03-29 | Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the mitInterface parameter from fromAddressNat function. |
| CVE-2024-30623 | 2024-03-29 | Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the page parameter from fromDhcpListClient function. |
| CVE-2024-30624 | 2024-03-29 | Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the urls parameter from saveParentControlInfo function. |
| CVE-2024-30625 | 2024-03-29 | Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the entrys parameter from fromAddressNat function. |
| CVE-2024-30626 | 2024-03-29 | Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the schedEndTime parameter from setSchedWifi function. |
| CVE-2024-30627 | 2024-03-29 | Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the deviceId parameter from saveParentControlInfo function. |
| CVE-2024-30629 | 2024-03-29 | Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the list1 parameter from fromDhcpListClient function. |
| CVE-2024-30630 | 2024-03-29 | Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the time parameter from saveParentControlInfo function. |
| CVE-2024-30631 | 2024-03-29 | Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the schedStartTime parameter from setSchedWifi function. |
| CVE-2024-30632 | 2024-03-29 | Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the security_5g parameter from formWifiBasicSet function. |
| CVE-2024-30633 | 2024-03-29 | Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the security parameter from the formWifiBasicSet function. |
| CVE-2024-30634 | 2024-03-29 | Tenda F1202 v1.2.0.20(408) has a stack overflow vulnerability via the mitInterface parameter in the fromAddressNat function. |
| CVE-2024-30636 | 2024-03-29 | Tenda F1202 v1.2.0.20(408) has a stack overflow vulnerability via the PPPOEPassword parameter in the formQuickIndex function. |
| CVE-2024-30637 | 2024-03-29 | Tenda F1202 v1.2.0.20(408) has a command injection vulnerability in the formWriteFacMac function via the mac parameter. |
| CVE-2024-30638 | 2024-03-29 | Tenda F1202 v1.2.0.20(408) has a stack overflow vulnerability via the entrys parameter in the fromAddressNat function. |
| CVE-2024-30639 | 2024-03-29 | Tenda F1202 v1.2.0.20(408) has a stack overflow vulnerability in the page parameter of fromAddressNat function. |
| CVE-2024-30645 | 2024-03-29 | Tenda AC15V1.0 V15.03.20_multi has a command injection vulnerability via the deviceName parameter. |
| CVE-2024-31032 | 2024-03-29 | An issue in Huashi Private Cloud CDN Live Streaming Acceleration Server hgateway-sixport v.1.1.2 allows a remote attacker to execute arbitrary code via the manager/ipping.php component. |
| CVE-2023-49232 | 2024-03-29 | An authentication bypass vulnerability was found in Stilog Visual Planning 8. It allows an unauthenticated attacker to brute-force the password reset PINs of administrative users. |
| CVE-2023-49234 | 2024-03-29 | An XML external entity (XXE) vulnerability was found in Stilog Visual Planning 8. It allows an authenticated attacker to access local server files and exfiltrate data to an external server. |
| CVE-2024-28960 | 2024-03-29 | An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto API mishandles shared memory. |
| CVE-2024-29667 | 2024-03-29 | SQL Injection vulnerability in Tongtianxing Technology Co., Ltd CMSV6 v.7.31.0.2 through v.7.31.0.3 allows a remote attacker to escalate privileges and obtain sensitive information via the ids parameter. |
| CVE-2024-30628 | 2024-03-29 | Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the page parameter from fromAddressNat function. |
| CVE-2024-30635 | 2024-03-29 | Tenda F1202 v1.2.0.20(408) has a stack overflow vulnerability located in the funcpara1 parameter in the formSetCfm function. |
| CVE-2024-2475 | 2024-03-29 | The Media Library Assistant plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.13 due to insufficient input sanitization... |
| CVE-2024-2841 | 2024-03-29 | The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up... |
| CVE-2024-1729 | 2024-03-29 | Timing Attack Vulnerability in gradio-app/gradio |
| CVE-2024-3077 | 2024-03-29 | Bluetooth: integer underflow in gatt_find_info_rsp |
| CVE-2024-2936 | 2024-03-29 | The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the _id attribute of widgets in all versions up to, and including, 1.26 due to insufficient input... |
| CVE-2024-2842 | 2024-03-29 | The Easy Appointments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ea_full_calendar' shortcode in all versions up to, and including, 3.11.18 due to insufficient input sanitization... |
| CVE-2024-2844 | 2024-03-29 | The Easy Appointments plugin for WordPress is vulnerable to unauthorized modification of data due to insufficient user validation on the ajax_cancel_appointment() function in all versions up to, and including, 3.11.18.... |
| CVE-2024-2968 | 2024-03-29 | The WP-Eggdrop plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.1 due to insufficient input sanitization and output escaping.... |
| CVE-2024-2963 | 2024-03-29 | The Pocket News Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings such as "Consumer Key" and "Access Token" in all versions up to, and including,... |
| CVE-2024-2969 | 2024-03-29 | The WP-Eggdrop plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.1. This is due to missing or incorrect nonce validation on the... |
| CVE-2024-2970 | 2024-03-29 | The News Wall plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.0. This is due to missing or incorrect nonce validation on... |
| CVE-2024-2113 | 2024-03-29 | The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including,... |
| CVE-2024-2116 | 2024-03-29 | The Christmas Greetings plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the code parameter in all versions up to, and including, 1.2.5 due to insufficient input sanitization and... |
| CVE-2024-1858 | 2024-03-29 | The Lightbox slider – Responsive Lightbox Gallery plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.9.9 via deserialization of untrusted input through... |
| CVE-2024-0913 | 2024-03-29 | The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to time-based SQL Injection via the erp/v1/accounting/v1/transactions/sales REST... |
| CVE-2024-2476 | 2024-03-29 | The OceanWP theme for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the load_theme_panel_pane function in all versions up to, and including, 3.5.4.... |
| CVE-2024-2108 | 2024-03-29 | The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an image title embedded into a... |
| CVE-2024-0608 | 2024-03-29 | The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to union-based SQL Injection via the 'email' parameter... |
| CVE-2024-0609 | 2024-03-29 | The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'api_key' parameter... |
| CVE-2024-2964 | 2024-03-29 | The Pocket News Generator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.2.0. This is due to missing or incorrect nonce validation... |